slack-rs / slack-rs-api

Rust interface for the Slack Web API
Apache License 2.0
110 stars 67 forks source link

Move token to authorization header #105

Closed silverjam closed 10 months ago

silverjam commented 3 years ago

Possibly related to issues such as https://github.com/slack-rs/slack-rs/issues/120 or https://github.com/slack-rs/slack-rs-api/issues/102 -- the "class slack app" bot tokens don't seem to allow the token parameter to be passed as a URL parameter anymore, even though the documentation claims that it's allowed: https://api.slack.com/methods/rtm.start.

Using a fresh classic bot user token with the rtm.start call I see:

❯ curl -v -sSL 'https://slack.com/api/rtm.start?token=xoxb-123'
...
{"ok":false,"error":"invalid_auth"}

Using the same token, but moving it into the auth header, I get:

❯ curl -v -sSL 'https://slack.com/api/rtm.start' -H 'Authorization: Bearer xoxb-123'
{"ok":true,"self":{"id":"U01PX57...", ...

Thus, I create this fix/workaround, but it's kind of a hack, the SlackWebRequestSender trait should probably be changed so that the auth token is lifted out of the parameters, allowing the Sender to do with it whatever it needs.